Cleanup chart code
This commit is contained in:
ChiefAlexander
parent
103eb067f2
commit
388a499533
38 changed files with 403 additions and 446 deletions
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
@ -22,6 +22,6 @@ rules:
|
|||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ include "ingress-nginx.fullname" . }}-admission
|
||||
- {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
@ -12,9 +12,9 @@ metadata:
|
|||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-create
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-create
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
@ -10,24 +10,23 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
# Alpha feature since k8s 1.12
|
||||
ttlSecondsAfterFinished: 0
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-create
|
||||
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-create
|
||||
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: create
|
||||
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
|
||||
|
|
@ -38,11 +37,10 @@ spec:
|
|||
- --namespace={{ .Release.Namespace }}
|
||||
- --secret-name={{ template "ingress-nginx.fullname". }}-admission
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-patch
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
@ -10,41 +10,39 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
# Alpha feature since k8s 1.12
|
||||
ttlSecondsAfterFinished: 0
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
|
||||
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-patch
|
||||
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: patch
|
||||
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
|
||||
- --webhook-name={{ template "ingress-nginx.fullname" . }}-admission
|
||||
- --namespace={{ .Release.Namespace }}
|
||||
- --patch-mutating=false
|
||||
- --secret-name={{ template "ingress-nginx.fullname". }}-admission
|
||||
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
@ -12,9 +12,9 @@ metadata:
|
|||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled -}}
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
webhooks:
|
||||
- name: validate.nginx.ingress.kubernetes.io
|
||||
rules:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue